RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 04:32:44 +00:00
Code Issues Activity Actions

LibGfx: Fix bounds overflow in JPGLoader

Browse source 
Taotao Gu has been fuzzing serenity libs with their own custom fuzzer.
They reported some issues it found privately, this overflow was found
in the JPGLoader using that fuzzer.

Reported-by: Taotao Gu <gutaotao1995@qq.com>
This commit is contained in:
Brian Gianforcaro 2022-04-16 20:30:06 -07:00 committed by Ali Mohammad Pur
parent 4ea910d129
commit 9191829a39
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibGfx/JPGLoader.cpp
View file

@ -420,6 +420,8 @@ static Optional<Vector<Macroblock>> decode_huffman_stream(JPGLoadingContext& con
static inline bool bounds_okay(const size_t cursor, const size_t delta, const size_t bound) static inline bool bounds_okay(const size_t cursor, const size_t delta, const size_t bound)
{ {
if (Checked<size_t>::addition_would_overflow(delta, cursor))
return false;
return (delta + cursor) < bound; return (delta + cursor) < bound;
} }